Main Vulnerability Database SB2013041805

SB2013041805 - Permissions, Privileges, and Access Controls in xen (Alpine package)

Published: April 18, 2013

Security Bulletin ID SB2013041805

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-1922)

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=695a72617ae53a60aaefe8567f3e245882e5d6b8
https://git.alpinelinux.org/aports/commit/?id=6665cdadf07a7dc49d8e128fc8cdd368751c2bef
https://git.alpinelinux.org/aports/commit/?id=8c7a03b0e4c14ef5142e44a733ef2b39816c1d18